Results 1 to 6 of 6
  1. #1
    Star Lounger
    Join Date
    Jun 2011
    Location
    Nebraska
    Posts
    82
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Question XP Mode and managability by Service Desk in a Domain

    We are working on our deployment & support plan for Win7 (~600 computers). Some depts. have legacy apps that will need to run in XP Mode. Rather than re-invent the wheel, I'd like to ask how others handle the support for these WinXP virtual boxes. My first reaction is that it can be minimal - if we remote in to the PC (we use UltraVNC now) we can use it to dive into the VM once we're connected to the host. But ... others think we may need some sort of control over the VM, in which case we treat it as a 'stand-alone' PC. By doing that, we apply GPO's, deploy certain packages and apps, and lock it down.

    What are others doing in this environment?
    Mike W.
    Location: A Great Plains State

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,571
    Thanks
    5
    Thanked 1,056 Times in 925 Posts
    We are using UltrVNC to access the PC then start XP mode and do what is needed. Note: we also are using Windows Intune for patch management. It is installed on all PCs including XP mode. Next version of Intune due to be released in October is supposed to allow installation of third party apps too. If you really need to apply GPOs and lock down the VM I don't see a problem with that either.

    Joe

  3. #3
    Star Lounger
    Join Date
    Jun 2011
    Location
    Nebraska
    Posts
    82
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Thanks, Joe. We use WSUS, but I'm thinking it wouldn't patch the VM's unless they were 'discoverable' in the Domain. I had thought of maybe setting Updates in it to Auto to get the important updates and keep us from having to check every so often.
    Mike W.
    Location: A Great Plains State

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,571
    Thanks
    5
    Thanked 1,056 Times in 925 Posts
    I thought with WSUS that all you had to do was configure the PC to access the WSUS server by changing the two policies. I don't recall any requirement to be a domain member but I could be wrong.

    Joe

  5. #5
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 64 Times in 52 Posts
    We like to avoid 3rd party products whenever possible, not to mention, we've had horrible performance using VNC due to limited bandwidth to most of our locations. We use the built in Remote Assistance. Its essentially RDP and performance is excellent. There is a link below to an FAQ. Do a Google search and you'll find plenty of articles on how to set it up. The gist of it is that you turn on the componants in your image and then there is nothing special to configure when deploying the imgae. We setup a VB Script that automatically generates the ticket so that the user doens't have to do anything other than double click a shortcut. All you need is a share that everyone has write access to.

    As far as XP Mode, we thought we'd have to use it but so far have found workarounds for everything, even some 10 year old software that was designed for Win 95. With that in mind, we are using Win7 32 Bit. 64 Bit just isn't going to work right now for many corporate environments. What we have found with most legacy apps is that the hang up is almost always file system premissions. More often than not, giving "Authenticated Users" full access to the application's Program Files folder allows the app to work in Win7 without using XP Mode, or other compatbility options. We have one finance app that will not run in 7 at all, including XP Mode. For that one we keep an XP PC with a KVM switch on the user's desk. They are in the process of upgrading it to a Win 7 compatable version, so its a temporary solution. If you do need to use XP Mode, you have to treat it as a seperate OS. Check with your AV vendor, they may have a different licensing model for the VMs.

    WSUS does not require domain membership. We use it to patch, and did so before our PCs were on the domain. We also use GPO extensively.

    VB Script for Remote Assistance request:
    Set WshShell = Wscript.CreateObject("Wscript.Shell")

    strUser = WshShell.ExpandEnvironmentStrings("%username%")
    strPassword = "yourpassword"
    strPath = "\\servername\sharename"
    strTicketName = strUser & "-" & Year(Now) & "-" & Month(Now) & "-" & Day(Now) & "@" & Hour(Now) & "." & Minute(Now)
    strFilePath = strPath & StrTicketName

    strRA = "msra.exe /saveasfile" & " " & Chr(34) & strFilePath & Chr(34) & " " & strPassword

    WshShell.Run strRA



    http://windows.microsoft.com/en-US/w...sked-questions
    Last edited by Doc Brown; 2011-09-16 at 14:11.
    Chuck

  6. #6
    Star Lounger
    Join Date
    Jun 2011
    Location
    Nebraska
    Posts
    82
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Thanks everyone; good advice. As for WSUS, it's been awhile since I'd worked with it. Had it in my head that it had to be part of the domain to get patches from it.
    Mike W.
    Location: A Great Plains State

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •